Platform

    Get real-time insights and automation for comprehensive, seamless monitoring with agentless architecture.

    Platform Overview
  • Infrastructure
    monitoring
  • Cloud monitoring
  • Digital experience
  • AIOPS

      • Solutions

      Whether you work in MSP, Enterprise IT or somewhere in between, the solution is clear.

      Solutions Overview
    By Initiative
    By Industry

      About us

      Get to know LogicMonitor and our team.

      About us
    Get to know us
    Services

      Resources

      Explore our blogs, guides, case studies, eBooks, and more actionable insights to enhance your IT monitoring and observability.

      View Resources
    Learn

      Documentation

      Read through our documentation, check out our latest release notes, or submit a ticket to our world-class customer service team.

      View Resources
    Support

    Product Documentation

    REST API Authentication

    Last updated on 24 April, 2024

    Each request sent to the LogicMonitor server is made over HTTPS and thoroughly authenticated. All data is received as JSON.  LogicMonitor’s REST API supports the API token authentication method.

    LogicMonitor API authentication differs as per versions.

    • v1 API authentication– Supports basic authentication.
    • v2 and v3 API authentication– Supports token-based authentication (LMv1 and Bearer token)

    Bearer Token

    The bearer token is a combination of multiple alpha numeric characters and is auto-generated by LogicMonitor. You can use bearer token to authenticate yourself to use LogicMonitor Python and GO v3 SDK files, and LogicMonitor REST API v3.

    As a LogicMonitor customer, when you buy a license for a device you are eligible to get a bearer token. You do not need a specific role to get the token. It is unique for each user.

    Once you get the bearer token, you must add it to the API requests just once. LogicMonitor REST API code reuses the token without you having to enter it every time. As a developer using LogicMonitor REST API, you need not develop authentication header or write commands to authenticate yourself.

    To maintain secrecy of the bearer token, once you save the token, the system automatically masks some part of it with asterisks (*). For more information, see Bearer Token.

    LMv1 Token

    The LMv1 token-based authentication method requires that with every request you include a custom HTTP header containing:

    • Your API Token Access ID
    • A Base64 encoded HMAC signature based on your API Token Access Key
    • A timestamp in epoch milliseconds

    Specifically, you must concatenate request details to form a string, and use your Access Key to calculate the HMAC-SHA256 of that string. You then need Base64 to encode the result. 

    The complete Base64 encoded HMAC signature should be in the following format:

    signature = base64(HMAC-SHA256(Access Key,HTTP VERB + TIMESTAMP (in epoch milliseconds) + POST/PUT DATA (if any) + RESOURCE PATH) )

    The full authentication header must be in the following format:

    Authorization: LMv1 AccessId:Signature:Timestamp

    How is Authentication Done?

    When LogicMonitor servers receive an API request, they ensure the specified timestamp is within 30 minutes of the current time. If that requirement is satisfied, they retrieve the Access Key associated with the specified Access ID and compute the signature in the above format. The servers compare that signature to the signature included in the request. If the two signatures match, the request is authenticated, but still subject to the permissions associated with the API Token (the token Access ID and Access Key must have sufficient permission to perform the requested action). In the event that the two signatures do not match, an error will be returned.

    Note: Query parameters (for example: filter, fields, sort, and size) are not considered part of the resource path, and must not be included in the calculation of authentication signature.

    Basic Authentication

    LogicMonitor’s REST API for v1 supports HTTP Basic Authentication. To use HTTP Basic Authentication, each request must include an HTTP header with the following authentication information: Authorization:Basic `echo -n username:password | base64`

    Almost all web clients support HTTP basic authentication and will construct this header for you.

    In the following example, a user apiUser in account api.logicmonitor.com makes a request to update a website group.

    Examples

    curl --user 'apiUser:example' -H "Content-Type: application/json" -d '{"name":"newWebsiteGroup","description":"testSites","disableAlerting":false}' -X PUT "https://api.logicmonitor.com/santaba/rest/service/groups/7" -v

    In the following example, a user apiUser in account api.logicmonitor.com makes a request to get all website groups.

    wget --auth-no-challenge  --http-user='apiUser' --http-password='example' "https://api.logicmonitor.com/santaba/rest/website/groups"
    In This Article